Author: Erik Aronesty 2018-07-09 04:29:02
Published on: 2018-07-09T04:29:02+00:00
A new construction for non-interactive multisig signatures that can be produced offline has been proposed. Each device produces a signature using its own k-share and x-share, with only the interpolation of M out of n shares being necessary. The security is based on Shamir + discrete log, and there are no round trips involved. The proposed construction is similar to Schnorr, but uses a threshold hash to fix the need to be online. While Pieter Wuille points out that Schnorr signatures are provably secure in the random oracle model assuming the discrete logarithm problem is hard in the used group, the proposer believes that their construction offers more usefulness. However, Pieter asks about the security assumptions of the new construction.
Updated on: 2023-06-13T03:55:01.438044+00:00